Wish List

[rdude]

How about snmpd ?

It was on Oleg's todo list at v1.7.5.9 times...

[tomilius]

How about snmpd ?

It was on Oleg's todo list at v1.7.5.9 times...

If you search the forum you'll probably find out why it can't be put into the firmware...



Anyway, I have another wish!
IPv4 IGMP support in the kernel! I... don't and probably will never use IGMP, it just bugs me knowing it's not there, especially because my ISP keeps automatically querying me about it (I see the V2 Membership Query packets with tcpdump) and the router doesn't reply. That's no big deal at all, but... why not have something that could probably be had at the expense of a few KB? I'm guessing ASUS took it out or commented something out to get rid of it for security purposes but I wouldn't mind it just being there even if I didn't use it. I mean, there's /proc/net/igmp6 but not /proc/net/igmp ...

So that's that.

[Oleg]

How about snmpd ?

It was on Oleg's todo list at v1.7.5.9 times...

In fact it's already ready to be included (I've prepared it some time ago during the early 1.8.1.7 port phase and it's in the sources already), but it's really big (about 700k) and outputs just several octects of data, so it's space wasting stuff. At the time before 1.9.2.7-3c there was no space in the flash, so it was not included. At the moment I've some free space, but I've a choice: either to use it for other usefull apps or just fill it with snmpd. The things, which could be added includes newer samba version instead of current ancient one.

[tomilius]

I have yet another wish, but a simpler one: the iprange match for iptables. This would be extremely useful for bridged VPN stuff. You may want the computers on your network, but you may not want to give them as much access as computers physically on the network (for example, you may want to block access to the router's web config, telnet, etc for the range assigned by openVPN alone).

As for snmpd, I was under the impression it was upwards of 20mb or something... guess I need to learn better searching myself

[Oleg]

I have yet another wish, but a simpler one: the iprange match for iptables. This would be extremely useful for bridged VPN stuff. You may want the computers on your network, but you may not want to give them as much access as computers physically on the network (for example, you may want to block access to the router's web config, telnet, etc for the range assigned by openVPN alone).

Just group them to "subnets", then use "-s 192.168.1.16/29" - this way 8 adresses are matched.

[hugo]

snmpd is already done multiple time, however, it would be nice to have a well balanced version, with a good response time and yet a small memory footprint and still enough value to peek. Maybe this could be made a package? I mean not a generic one, but one made specificaly for Asus routers.

But a good feature would be to add bridge firewall abilities: ebtables is working with openwrt modules, but the most interesting would be to patch the kernel with a ebtables/bridge-nf patch to use rules from iptables to specify rules based on protocols, not MAC adress

[tomilius]

Just group them to "subnets", then use "-s 192.168.1.16/29" - this way 8 adresses are matched.

I was considering that but didn't want to deal with the math
Thanks for doing it for me

(... useless junk edited out; I'm using a different method now anyway)

Still... iprange might be kind of nice. Especially connlimit. (iplimit/connlimit would be very, very, very useful, and I definitely would like it to be there at some point... I mean it would be nice, eventually).

I should just learn how to compile for the WL-500g. It's not easy enough for a simpleton like me.

[Oleg]

snmpd is already done multiple time, however, it would be nice to have a well balanced version, with a good response time and yet a small memory footprint and still enough value to peek. Maybe this could be made a package? I mean not a generic one, but one made specificaly for Asus routers.

I've disabled EVERYTHING not needed, but it's still about 700k. The problem is that even with some features disabled the stuff is still links to the resulting binary, wasting a space.

But a good feature would be to add bridge firewall abilities: ebtables is working with openwrt modules, but the most interesting would be to patch the kernel with a ebtables/bridge-nf patch to use rules from iptables to specify rules based on protocols, not MAC adress

I'm thinking of including ebtables support already.

[tomilius]

I'm thinking of including ebtables support already.

I'm thinking of throwing a party!

Not to add to unnecessary side-conversation or overspeak (though I am), but I would definitely like to see ebtables.

[tomilius]

Oleg--I was wondering if you did or did not plan to put connlimit support in the next version. As I've mentioned at least twice in an annoying, nagging way, I'd really like it . If you have no plans to include it, I'd like to know so I can decide whether or not I should start working on it myself (which is a biggie for me).

[Oleg]

tomilius, the problem is that this target is not supported in current iptables, so adding it would require patching kernel, switching to newer iptables and testing, testing, testing... So, at the moment I'm a bit busy to do so...

[tomilius]

Thank you. That's OK. I've been trying to do it anyway, but I have problems compiling 1.9.2.7-4 (maybe I'll make another thread).

UPDATE: Well, I was able to compile and all (with some new packages and using 'make install' and not 'make image-wl500g')... iplimit is a possibility for now if you could please include that. broadcom/src/router/iptables/patch-o-matic can be "./runme base"'d with broadcom/src/linux/linux for the KERNEL_DIR, and from there things like iplimit can be patched in simply. I'm not actually exactly sure that it works yet... it's still compiling... but it should, and I'll edit this again if it does.

UPDATE again: Err.. uhh.. I may have done it wrong, but none of the stuff requiring patch-o-matic works. Not ttl, not psd, not iplimit... none of it. I got as far as getting them to actually compile and show up and everything, but they all have the same familiar "No chain/target/rule" problem. It may just be a matter of the kernel not getting recompiled or something because patch-o-matic confirms the patches were made.

UPDATE again with realization that this is not the place to put this stuff but carelessly putting it here anyway:
I .. think it was something to do with not having the stuff enabled in the kernel config before compiling (make menuconfig). Grr. This stuff is tricky. We'll see how it turns out.

SUMMARY: OK, yeah. So anyway. The patch-o-matic iplimit patch just needs to be applied, and then a make menuconfig and a Networking options and a Netfilter thingy and ... then include the iplimit junk. I got it. *yawn* ... Not very specific, but I know very little about this stuff and I figure you, Oleg, probably know what I mean anyway.

NOTE: There are some other features I find very useful involving iptables, such as psd... I have a nice setup now which blocks port scanners for 180 seconds, and I was surprised at how not-very-hard-if-you-know-what-you're-doing it was to set this stuff up.

[ladic]

I wish "screen". It's terminal manager with many useful functions.
I don't know how to compile it cos I'am linux newbie.
http://seth.positivism.org/man.cgi/1/screen
http://bent.latency.net/bent/darcs/screen-4.0.2/spec

[sup]

Hi, do you think it would be possible to include a feature, which would enable bandwidth management only at certain times of a day? I am talking about something similiar, which already works for internet firewall. I think it would be much more , because I (and I suppose so do others) need to protect my network with firewall all the time but I need to restrict download and upload speeds only when I need to browse or get my mail or something alike. What do you think about it?

[Styno]

Hi, do you think it would be possible to include a feature, which would enable bandwidth management only at certain times of a day? I am talking about something similiar, which already works for internet firewall. I think it would be much more , because I (and I suppose so do others) need to protect my network with firewall all the time but I need to restrict download and upload speeds only when I need to browse or get my mail or something alike. What do you think about it?

You could achive that using a scheduler (cron) and the Wondershaper (wshaper) script. Search here on this forum and Google for info on cron and this forum for howto use the Wondershaper script.